New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

CurrentC Alerts Users of Unauthorized Access to Email Addresses

Just hours after publishing a blog post answering some questions about its upcoming CurrentC mobile payments system and touting the security of its cloud-based storage of sensitive information, the company behind the effort, Merchant Customer Exchange (MCX) has alerted users of unauthorized access to their email addresses.
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
mcx_currentc_email_breach
Details on the unauthorized access have not been disclosed, but iMore's Nick Arnott earlier this week took a look at some of the personal information being collected by MCX and CurrentC and noted that he could ping CurrentC's systems to look for valid registered email addresses on the system. While he did not find valid addresses, the system appeared capable of returning a substantial amount of personal information about such accounts.

Security has of course been one of the main selling points of Apple's new Apple Pay system, with data stored in a Secure Element on the device and payments authorized through Touch ID and tokenized account numbers being used instead of actual credit card numbers to process transactions.

Related Roundup: Apple Pay


Top Rated Comments

(View all)

23 months ago
I don't even have words to describe the hilarity of this incident. :D
Rating: 126 Votes
23 months ago
Lol, what a mess and it hasn't even rolled out yet.
Rating: 120 Votes
23 months ago
First, it's the email. Then the SSN. Then the checking account number.
Rating: 90 Votes
23 months ago
Begun, has the hacking wars.
Rating: 79 Votes
23 months ago
Well that didn't take long.
Rating: 78 Votes
23 months ago
At least one person seems to love it.

Rating: 60 Votes
23 months ago
Rating: 45 Votes
23 months ago
Another nail in the coffin.

My prediction (http://www.thirty-ninea.com/blog/2014/10/29/like-rats-leaving-a-sinking-ship) is that retailers are going to be bailing from the consortium like rats from a sinking ship before the holiday season.
Rating: 39 Votes
23 months ago
Lolz. Yeah. A merchant-controlled cloud service is more secure than an encrypted secure enclave in my palm. This is stupid.
Rating: 38 Votes
23 months ago
Am I bad for wanting hackers to hack the hell out of this crap app?!

Maybe this service will go still born and everyone can start accepting Apple Pay and Google Wallet payments again.
Rating: 36 Votes

[ Read All Comments ]